Network Injector monitors all the HTTP connections and, following the injection rules, identifies the target's connections and injects the agent into the connections, linking it to the resources the target is downloading from Internet.
Resources that can be infected by RCS are any type of files.
NOTE: Network Injector is not able to monitor FTP or HTTPS connections.
To create a rule:
Enabling a rule means making it available to the Network Injector injection process. RCS routinely communicates with Network Injector to send rules and acquire logs. The operator is in charge of enabling this synchronization for Tactical Network Injector.
A rule that is not enabled is not applicable meaning it cannot be sent to the Network Injector.
If information is already known on target devices, numerous rules can be created, adapting them to the target's different habits, then enabling the most efficient rule or rules according to the situations that arise during a certain time in the investigation.
If no information is known on target devices, use Tactical Network Injector which allows operators to observe the target, identify the device used and infect it since on the field.
For this type of manual identification, specify TACTICAL in the User patterns field.
After Network Injector receives the infection rules, it is ready to start an attack.
During the sniffing phase, it checks whether any of the devices in the network meets the identification rules. If so, it sends the agent to the identified device and infects it.
RCS8.2 | User's and Installation Guide | © COPYRIGHT 2012